I'm a privacy pragmatist, writing about the intersection of law, technology, social media and our personal information. If you have story ideas or tips, e-mail me at khill@forbes.com. PGP key here.
These days, I'm a senior online editor at Forbes. I was previously an editor at Above the Law, a legal blog, relying on the legal knowledge gained from two years working for corporate law firm Covington & Burling -- a Cliff's Notes version of law school.
In the past, I've been found slaving away as an intern in midtown Manhattan at The Week Magazine, in Hong Kong at the International Herald Tribune, and in D.C. at the Washington Examiner. I also spent a few years traveling the world managing educational programs for international journalists for the National Press Foundation.
I have few illusions about privacy -- feel free to follow me on Twitter: kashhill, subscribe to me on Facebook, Circle me on Google+, or use Google Maps to figure out where the Forbes San Francisco bureau is, and come a-knockin'.

Sen. Franken Wants Apps To Get Explicit Permission Before Selling Your Whereabouts To Random Third Parties

Last week, I spotted Neil Patrick Harris at a ramen restaurant in D.C. and tweeted about it. I immediately felt a little twinge of guilt about ratting out the star’s location to my Twitter followers… especially after he looked at his phone and started peering around the tiny restaurant, as if he’d spotted my tweet and was looking for the responsible party. This is one of the downsides of being a public figure in the age of instant public communication; their recognizability makes it harder for them to maintain location privacy. But it’s not just the Neil Patrick Harrises of the world who have to worry about their whereabouts being disclosed to third parties by fans; your smartphone is your biggest fan and it’s constantly telling apps where you are.

Our smartphone apps are increasingly sucking up information about where we are at any given time in order to improve their operations (to show us the closest ramen restaurant, for example); to support other operations (using aggregate location data from lots of phones to tell us how bad the traffic is to get there); or just to make some cold hard cash off your data (telling all the other businesses near the ramen restaurant that they should be sending you coupons). Free apps say this helps them stay free. But free apps aren’t the only ones getting in on the location-data monetization party. Even services you pay for are starting to pass along your location info to interested advertisers. If Verizon is your phone provider of choice, your location data is currently being bundled and sold, unless you’ve opted out.

Senator Al Franken of Minnesota isn’t the hugest fan of the fast and loose economy growing up around our location data, so he’s pushing a location privacy bill that would require companies to get your permission to see where you are and then to get explicit permission to provide your whereabouts to third parties (instead of just slipping a clause into their privacy policies that gives them that right). They’d actually have to provide a list of the third parties getting the location lowdown. Franken’s bill would also criminalize “cyberstalking apps” — creepy apps that can be placed on mobile devices that surreptitiously report a phone user’s location to another party. He originally presented the bill in 2011. On Thursday, it got the thumbs up from the Senate Judiciary Committee; while it’s unlikely to be passed by the end of this session, Franken will be pushing for it to see the light of legislative day in 2013.

“Location information is extremely sensitive information,” Franken said during a Senate Judiciary Committee hearing Thursday. “Parties with access to this information know what roads you take to work, the church you go to, where you drop your kids at school, and the doctors you go to.”

Franken mentioned a recent Federal Trade Commission investigation into smartphone apps aimed at children that found that 12 of the apps were collecting precise geolocation information about the kiddies without getting parental consent. (As concerned as we are about kids’ privacy, it’s worth noting that one of the exceptions to criminal cyberstalking apps in the bill would be parental monitoring ones that protective adults can use to track their minor children. All other apps would need to give notice when relaying a person’s location to another person.)

“If a company wants to give your location to third parties, they need your permission,” said Franken.

Senator Chuck Grassley of Iowa was a little warier of the crackdown on the location economy.

“The marketplace surrounding mobile apps … is a complex industry that’s still evolving,” said Grassley. He expressed concern that the constant location notifications might cause “consumers to revolt” and might result in many free apps having to become fee-based.

He suggested that when apps say to which third parties they’re providing your location information they include the categories of companies rather than a list of the actual companies — many of which you probably wouldn’t recognize.

We’ll see what 2013 holds for this bill. In the meantime, check out the WSJ’s handy (but dated) guide to “what apps know about you” to see which apps on your phone are collecting your location information and which ones are passing it along to third parties. If you’re not comfortable with your location being monetized, you might want to take Angry Birds off your phone.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

Is another law really needed / going to work? There is a rather simple remedy for this issue. However, it does require smart phone users to be responsible / accountable for the way that they use their phone and actually read Terms of Service. Then, if you don’t want your location known, TURN OFF THE GPS in your phone and ALL LOCATION SERVICES!! Granted, you won’t be able to “check-in” everywhere but the user has to decide what is more important, their privacy or the freebies, or their ability to broadcast their location via FB and Foursquare. You can turn the GPS on when you want to use a mapping app. It’s really not that hard to do. A little common sense goes a long way. You know all those “free” apps you have on your phone? How do you think the developers get paid? Either through ads or by selling something.

Wait, so you’re willingly going to limit your options? This doesn’t seem like the best scenario to me. Companies should have your permission to track your location, regardless if a law is involved or not, because it’s a matter of respect! If someone is following you around that much, it’s called stalking! But since companies don’t always do the right thing, a law needs to be made so they can be punished for it. Unfortunately, that’s how it seems to work.

God! A grown up! Thank you for recognizing that one’s privacy should be important enough to oneself to actually pay attention to how it might be invaded. And besides, if someone is actively disclosing their activities and location, how private is their life?

Reading the terms of service does not work because apps can just collect your location without you knowing about it and not even mention it in their terms of service.

Turning off GPS is inconvenient because you disable those apps you need, e.g. Google Maps if you are lost and need to figure out where you are.

Telling people to simply turn off GSP because some apps steal location data without your permission is like telling people to stop spending money because some products you buy may be faulty. You need money to buy things like food, clothes, and shelter, so if someone complains that some products are faulty and you say, “Hey, I have an idea, why don’t you just stop spending money,” then that person starves to death. It is better to focus on how to prevent faulty products from being sold, e.g. through consumer protection legislation. That is the approach suggested in this article regarding mobile phone apps.

People need to be in charge of the information that concerns them, meaning they should take the time to read the agreements that stipulate which companies have use of their information and how it’s being used….. and if companies are selling your ‘purchasing profile’ it should be you that gets a cut of the profits. Think about it, if a person is a profile of recent purchases (online or otherwise), the value of your profile is directly proportional to how much you buy and where..

Thank you Mr. Franken, for pursuing such obviously positive legislation.

To response to another comment posted here, yes this legislation is needed. Turning off GPS is not enough to prevent your location from being detected. I am a software developer, and I more often use your IP address to determine your location, usually within a few hundred yards. Also, cell phone tower triangulation is also a reliable source of location information, independent of GPS. My First-Gen iPhone did not have a GPS device, and it was able to reliably determine my location in Google Maps just fine.

Liberty is to be free and independent Without slavery, imprisonment, or loss of right. Though bit-by-bit many try to steal it away For if they were to take it all at once, we’d fight.

So protect your liberty that others don’t have For beside life, there’s nothing more precious on Earth. Too many have yearned, fought, suffered, and died for it And we must never lose sight of what liberty is worth.

Evil loves to strike liberty from the cheeks of all And it’s been that way since the beginning of time. For a mind that’s not allowed to have a free thought Becomes but a slave to the masters of mankind.

GOD’S POET TOM ZART

The Lord can close doors no man can open And open doors no man can close. It’s up to us to prove our Heavenly worth By our lifetime example of the path we chose.

Tom’s 481 Poems Are Free To Share! By God’s Poet Tom Zart Most Published Poet On The Web!

No kidding they should do more to protect our privacy. Sure, it’s honestly… Rather dead thanks to the internet. But that doesn’t mean companies have the right to spy on us through our phones without us knowing or just by slipping some fine print in policy documents most people don’t even read. >_>